Articles In Security

By Brian Wagner, Posted in Infrastructure, Security, Support

This is a tough time for many of our customers. We’ve been busy helping everyone expand their remote access capabilities to deliver secure apps and desktops to users working from home around the globe. While Citrix has been able to do a good job keeping up with the orders and license fulfillment, and many other vendors have been quick to offer options to help analyze and scale out other aspects of the environment, such as firewalls and VDI infrastructure capacity planning, some vendors haven’t... read more.

  • March 20, 2020

By Stephen Kilcoyne, Posted in Infrastructure, Security, Support

As the COVID-19 outbreak continues, it’s important to remember that we’re all in this together. Communities and companies are working together to help stem the tide of the outbreak. The most important thing we can all do right now is maintain social distance, and for many that means working from home. In recent weeks, our customers have been relying on us to help them enable, monitor, and support wide-scale work from home initiatives. These efforts include extending existing Citrix enviro... read more.

  • March 18, 2020

By Nancy Rand, Posted in Security

In December 2019, the PCI SSC Council released documents on the PCI SSC Contactless Payments on Commercial Off-the-Shelf (COTS) (CPoC™) program operated and managed by PCI Security Standards Council, LLC supporting the Payment Card Industry (PCI) Contactless Payments on COTS (CPoC™) Standard. Payment Card Industry (PCI) Contactless Payments on COTS (CPoC™) Program Guide Version 1.0 December 2019 Payment Card Industry (PCI) Contactless Payments on COTS (CPoC™) Security and Test Re... read more.

  • March 16, 2020

By Timothy Karl, Posted in Infrastructure, Security

Microsoft Windows 7 and Windows Server 2008 reached end of life on January 14, 2020. This means that Microsoft will no longer be releasing free security patches, updates, or support when something goes wrong. Although these operating systems won’t instantly stop working or become security risks overnight, there are risks with staying on these operating systems for an extended period of time. What happens if I stay on these operating systems? There is a huge risk of being exploited by cyber crimina... read more.

  • January 16, 2020

By Timothy Karl, Posted in Infrastructure, Security

On December 17, 2019, Citrix released a critical advisory regarding a vulnerability that allows for remote code execution: CVE-2019-19781 - Vulnerability in Citrix Application Delivery Controller and Citrix Gateway (https://support.citrix.com/article/CTX267027). The vulnerability exploits a directory traversal attack on the /vpn directory on the NetScaler. It allows for remote execution of code under the user nobody. Gotham previously alerted customers to this vulnerability. Citrix plans to release a perma... read more.

  • January 15, 2020

By Ed Bratter, Posted in Infrastructure, Security

Perhaps one of the most popular features of Exchange is the ability to connect Outlook running on a PC to Exchange over the Internet when outside the corporate network without the need to establish a VPN connection. This feature was introduced with Exchange 2003 and is called Outlook Anywhere. Of course, convenience always comes at a price: once enabled, Outlook Anywhere allows anyone with Outlook to connect to Exchange from any PC regardless of who owns it. Many organizations want or need to restrict Outlo... read more.

  • January 10, 2020

By Nancy Rand, Posted in Security

The PCI DSS Council recently announced that a new standard for commercial off the shelf (COTS) mobile devices, PCI Contactless Payments on COTS (CPoC™) mobile devices, is to be released in December 2019. The current PCI DSS standard covers contactless payment methods, but the new publication provides detail on the mobile payment options. On October 28, the council is releasing an RFC on PCI DSS version 4.0 to assessors to provide feedback on the draft of the new version. New and revised requirements... read more.

  • October 28, 2019

By Nancy Rand, Posted in Security

The PCI DSS Council released overview and mapping documents to map PCI DSS requirements to the NIST Cybersecurity Framework. As stated in the mapping document: The mapping covers all NIST Framework functions and categories, with PCI DSS requirements directly mapping to 96 of the 108 subcategories. The mapping is based on PCI DSS v3.2.1 and the Cybersecurity Framework v1.1, using the 2018-04-16_framework_v.1.1_core spreadsheet. The PCI DSS documents show how PCI DSS requirements can help when working... read more.

  • July 23, 2019

By Brian Wagner, Posted in Infrastructure, Security, Storage

One of the most common attack vectors for cloud servers is through Remote Desktop Protocol (RDP) or Secure Shell (SSH). When administrators build servers in the cloud, Microsoft and AWS had typically assigned a public IP to ease management of the servers. There is no VMware Console equivalent in the cloud, so RDP or SSH are the only way to manage a server. The problem starts when that public IP is assigned. Hackers are constantly running scans on the IP ranges owned by the cloud providers, and as soon as a... read more.

  • July 10, 2019

By Nancy Rand, Posted in Security

Q2 2019 NIST Privacy Framework Additional Documentation The NIST Privacy Framework group has published new documents to complement the Privacy Framework Draft document. The NIST Privacy Framework Discussion Draft Core (Excel) spreadsheet facilitates an organization’s consideration of the elements of the framework. The Comparison of Privacy Framework and Cybersecurity Framework Cores (PDF) presents a side-by-side view of each framework’s corresponding elements for review. Each document furthe... read more.

  • May 30, 2019